Three weeks ago, one of the biggest password breaches hit the news—over 16 billion logins stolen from the likes of Apple, Facebook, and Google. And if that did manage to hit your radar—if it didn’t, we understand, a lot is going on—you probably thought, “Eh, so what if they get my personal account, they can’t do much with it.” And that’s where you’re probably wrong. Let’s talk about your business’s online accounts and how they are probably linked to your (or one of your employees’) personal accounts and passwords.
The Common Mistake of Using Personal Logins and Passwords for Business Accounts
Ironically, the recent breach highlights three brands—Apple, Facebook, and Google—that love to make it easy to use all your apps without switching logins. But that also means your Facebook Business profile is probably linked to your personal account. Google? Your Google Business Listing, Google Analytics, or even the Gmail account you use for work could all be compromised if your personal login is compromised. The same can be true of other personal logins, like buying Microsoft Office for your team using your personal Outlook login. This is especially true for businesses established early in the internet age.
The Three Steps to Getting Your Business Account Protected
Call a meeting with your team, especially managers, and gather a list of all the accounts tied to the various parts of your business. This includes your website, software, and tools such as those from Google, Apple, and Microsoft, as well as any critical logins for things specific to your industry and business. This is important; spend the time.
Step One: Change Your Passwords and Enable 2FA
It might sound like a no-brainer, but your first step is to change your passwords. Go through that list and find the logins for everything important, and update passwords. While you’re at it, some platforms will ask you to enable Two-Factor Authentication (2FA), which typically involves receiving a code via phone or email. Enable this, and ensure it points to individuals who can respond (a more effective workaround is discussed later in this blog).
Step Two: Create New Management Accounts
Once you’ve avoided immediate breaches, it’s time to future-proof your business. You need accounts that are not attached to individuals. It’s not just that employees come and go; they also log off for meals, have sick days, and go on vacation. Accounts that aren’t tied to one person remain usable by everyone on the team.
Step Three: Get a Password Locker
Your final step is to centralize your passwords as well. You’re going to want to pay for a Password Locker—an online portal that securely stores your passwords and lets you control who can access them. We recommend 1Password: it’s a good combination of functionality and price. Get access for all your team. Oh, and remember 2FA? You can set that up to work via a VoIP (Voice over IP) number (we use Grasshopper) so all your team can access that as well.
We’re writing this blog as a PSA because we’ve seen the kinds of setups our clients have used for Facebook, Google, and more, and the potential security headaches. It’s why we have gone through all the above steps and why—right now—I’m setting aside time to update all our passwords. As outsourced marketing, we hold the keys to many castles, and it’s our duty to be responsible to our clients.